Panelists taking part in the Oversight and Investigations Subcommittee discussion on “Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices” were asked about the impact of FDA staff reductions on medical device security.
“Tremendous,” said Kevin Fu, professor from the department of Electrical and Computer Engineering at the Khoury College of Computer Sciences at Northeastern University. Fu formerly served as the inaugural acting director of Medical Device Cybersecurity at the FDA’s Center for Devices and Radiological Health (CDRH) and program director for Cybersecurity at the Digital Health Center of Excellence.
Erik Decker, vice president and CISO at Intermountain Health, said the FDA is a key stakeholder in cybersecurity efforts.
“Yes, it will have an impact,” Decker said.
Medical device manufacturers, hospitals and the FDA partner, he said. HHS, the FDA and the healthcare industry have established numerous task groups under the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG).
However, Decker said, analysis shows that on average, hospitals only have about 55% of the Health Industry Cybersecurity Practices (HICP) recommended practices for medical device security implemented.
Decker said there are four groups of threat actors: nation-state actors, organized crime, “hacktivists” and insider threats.
Panelist Greg Garcia, executive director, Health Sector Coordinating Council Cybersecurity Working Group, said next week they will release a white paper on how health systems are undersourced in finances and staffing for cybersecurity protection.
Read the full article in Healthcare Finance News. Click Here
